Jason Wang
2021-Aug-10 06:59 UTC
[PATCH v5] virtio-blk: Add validation for block size in config space
? 2021/8/10 ??12:59, Yongji Xie ??:> On Tue, Aug 10, 2021 at 11:05 AM Jason Wang <jasowang at redhat.com> wrote: >> >> ? 2021/8/9 ??6:16, Xie Yongji ??: >>> An untrusted device might presents an invalid block size >>> in configuration space. This tries to add validation for it >>> in the validate callback and clear the VIRTIO_BLK_F_BLK_SIZE >>> feature bit if the value is out of the supported range. >>> >>> And we also double check the value in virtblk_probe() in >>> case that it's changed after the validation. >>> >>> Signed-off-by: Xie Yongji <xieyongji at bytedance.com> >>> --- >>> drivers/block/virtio_blk.c | 39 +++++++++++++++++++++++++++++++++------ >>> 1 file changed, 33 insertions(+), 6 deletions(-) >>> >>> diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c >>> index 4b49df2dfd23..afb37aac09e8 100644 >>> --- a/drivers/block/virtio_blk.c >>> +++ b/drivers/block/virtio_blk.c >>> @@ -692,6 +692,28 @@ static const struct blk_mq_ops virtio_mq_ops = { >>> static unsigned int virtblk_queue_depth; >>> module_param_named(queue_depth, virtblk_queue_depth, uint, 0444); >>> >>> +static int virtblk_validate(struct virtio_device *vdev) >>> +{ >>> + u32 blk_size; >>> + >>> + if (!vdev->config->get) { >>> + dev_err(&vdev->dev, "%s failure: config access disabled\n", >>> + __func__); >>> + return -EINVAL; >>> + } >>> + >>> + if (!virtio_has_feature(vdev, VIRTIO_BLK_F_BLK_SIZE)) >>> + return 0; >>> + >>> + blk_size = virtio_cread32(vdev, >>> + offsetof(struct virtio_blk_config, blk_size)); >>> + >>> + if (blk_size < SECTOR_SIZE || blk_size > PAGE_SIZE) >>> + __virtio_clear_bit(vdev, VIRTIO_BLK_F_BLK_SIZE); >> >> I wonder if it's better to just fail here as what we did for probe(). >> > Looks like we don't need to do that since we already clear the > VIRTIO_BLK_F_BLK_SIZE to tell the device that we don't use the block > size in configuration space. Just like what we did in > virtnet_validate(). > > Thanks, > YongjiOk, so Acked-by: Jason Wang <jasowang at redhat.com>>